Blocking Trojan

[Paul_and_Paco]

We just ran up against a really bad trojan called Reveton.b that locks up your computer from the start menu. If you happen to run into this nasty bit of malware, and you cannot miss it... Its page tells you you have been infringing on copyright laws, or downloading porn, all with a letterhead of the FBI. It is a scam to extort money via Moneypacks, even if the payments do not remove the block.

Reveton.b is not self-replicating, but it will heal itself if you do not remove all the files associated with it, including the registry entries and origin in the temp folders.

To remove it, turn your computer off, restart in Safe Mode with your internet connection turned off. Run Malware-bytes. This will remove the associated files and start-up .dll. After that, run your regular virus scan and remove the cookies it finds. We did a complete clean-up afterwards to be sure. Then restart your computer and turn your connection back on.

I hope you do not get zapped.

[Camy]

Thank you so much for posting this, especially good are the detailed removal instructions. Excellent!

Any idea how you got it?

[Paul_and_Paco]

In school and being naughty... looking for something cute on a photo extractor site via Google.

[Paul_and_Paco]

I wanted people to know... I was not on a porn site, or something weird. So, it was a place anyone might drop past and pick that trojan up. I meant I was in school when I wrote the "warning post", when I should have been reading a lesson. Still got read.

[Merkin]

'In school and being naughty' does it for me. No need to go on about it.

[The Pecman]

I'm not convinced that any virus-removal tool will work. I almost always recommend that people back up their files, then do a "scorched earth policy" and just wipe the boot drive, re-install Windows, re-install all the anti-virus / anti-spyware / anti-malware, re-install all your applications, then copy over your data files as needed. I can guarantee this will work, though it does take time.

Some viruses are very, very sneaky and evil, even hiding in the background and then re-initializing themselves after a period of being dormant for a few days. (Note that I have never encountered viruses or adware on Mac OSX or Linux.)